
Thread: Date

  1. #1
    Regular Coder
    Join Date
    Jul 2005
    Location
    Oxfordshire, UK
    Posts
    144
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Date

    What I am trying to do is on my members register page I am attempting to insert the current date and then the current date plus 1 year. The first date is used for signup and the second is expiry of account as accounts will only be valid for one year.

    Can anyone help me with this?


    Also, does anyone know of a way I can expire accounts in the MySQL database when the expiry date is reached?

  • #2
    teh Moderatorinator
    Join Date
    Sep 2004
    Location
    USA
    Posts
    2,472
    Thanks
    4
    Thanked 40 Times in 40 Posts
    You can use MySQL's NOW() function to insert the current date. And looking through the Date and Time functions page, maybe you can use the DATE_ADD() function and add 1 year to NOW().
    Code:
    DATE_ADD(NOW(), INTERVAL 1 YEAR);
    Good luck

  • #3
    Regular Coder
    Join Date
    Jun 2005
    Posts
    804
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Yep, that's how it works. This thread may help, too.

  • #4
    Regular Coder
    Join Date
    Jul 2005
    Location
    Oxfordshire, UK
    Posts
    144
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Where exactly in the code of my page would I put that? The field in the database is called signup. And do I need to have any specific settings in the database? I'm a recent newbie to PHP and MySQL but getting to grips with it now!!

  • #5
    teh Moderatorinator
    Join Date
    Sep 2004
    Location
    USA
    Posts
    2,472
    Thanks
    4
    Thanked 40 Times in 40 Posts
    In your insert statement. You have two date fields, signup, and then expiration? Well, whatever the names are, when you run your insert query, for the values of signup and expiration, use NOW(), and then DATE_ADD(NOW(), INTERVAL 1 YEAR);

    If you run into problems post up the code so we can take a look.

    Good luck

  • #6
    Regular Coder
    Join Date
    Jul 2005
    Location
    Oxfordshire, UK
    Posts
    144
    Thanks
    0
    Thanked 0 Times in 0 Posts
    K, I tried what you said.

    When I enter both sections of code I get an error saying, couldn't execute query, so I tried just adding the current date with this code in my query:

    PHP Code:
    $query = "INSERT INTO users (username,password,email,age,location,sex,msn,website,link,about,address,live,venue,mobile,dob,signup,expire)
            VALUES ('$_POST[username]','$_POST[password]','$_POST[email]','$_POST[age]','$_POST[location]','$_POST[sex]','$_POST[msn]','$_POST[website]','$_POST[link]','$_POST[about]','$_POST[address]','$_POST[live]','$_POST[venue]','$_POST[mobile]','$_POST[dob]','$_POST[signup]','NOW()')";

    This posted the signup successfully, however the date in the database has appeared as 0000-00-00..... Any suggestions? Can someone please enter the code into the query for me so I know how to do it...

    Thanks for your help guys!

  • #7
    Regular Coder
    Join Date
    Jun 2005
    Posts
    804
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Don't put quotes around function calls -- single quotes are for strings, so you're literally entering NOW() into your database, which is being converted to 0's, because it's not a valid date. Did you check out the link I posted above? It's got examples of what you're trying to do.

    As an aside, you really shouldn't drop variables directly from POST into your query. It opens you to an Injection attack.

  • #8
    Regular Coder
    Join Date
    Jul 2005
    Location
    Oxfordshire, UK
    Posts
    144
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Hi, that works a dream! Gotta figure out now how I can expire passwords after the year subscription, or get users to receive an email and re-register so their membership is valid for another year! Sure I can work it out!!

    Can you just browse this code and tell me if it's open to SQL injection.... I think it's protected but not sure...

    PHP Code:
    <?php

    include 'config.php';

    function is_alphachar($text) {
        for ($i = 0; $i < strlen($text); $i++) {
            if (!ereg("[A-Za-z0-9]", $text[$i])) {
                return 1;
            }
        }
    }

    $form .= "<center><font size=\"2\" face=\"verdana\"><b>Fill out the form below to become a member of the Submerse Members area and get instant access to Submerse exclusives!. <br></b><br></center></font>";
    $form .= "<form action=\"./register.php\" method=\"POST\">";
    $form .= "============================================";
    $form .= "<b><br><font size=\"2\" face=\"verdana\">Please supply the following information for your login details.<br></b></font><br>";
    $form .= "<font size=\"1\" face=\"verdana\">Username: <br><input type=\"text\" name=\"username\"><br></font>";
    $form .= "<font size=\"1\" face=\"verdana\">Your email: (This will be used to recover your account.)<br><input type=\"text\" name=\"email\"><br></font>";
    $form .= "<font size=\"1\" face=\"verdana\">Password: <br> <input type=\"password\" name=\"password\"><br></font>";
    $form .= "============================================";
    $form .= "<font size=\"2\" face=\"verdana\"><br><b>Please supply the following information for your profile.</b><br><br></font>";
    $form .= "<font size=\"1\" face=\"verdana\">Age: <br><input type=\"text\" name=\"age\"><br></font>";
    $form .= "<font size=\"1\" face=\"verdana\">Date of Birth(ddmmyy): (This will not be publicly displayed)<br><input type=\"text\" name=\"dob\"><br></font>";
    $form .= "<font size=\"1\" face=\"verdana\">Location: <br><input type=\"text\" name=\"location\"><br></font>";
    $form .= "<font size=\"1\" face=\"verdana\">Sex: <br><select name=\"sex\"><option value=\"male\">male</option><option value=\"female\">female</option></select><br></font>";
    $form .= "<font size=\"1\" face=\"verdana\">MSN: <br><input type=\"text\" name=\"msn\"><br></font>";
    $form .= "<font size=\"1\" face=\"verdana\">Website: <br><input type=\"text\" name=\"website\"><br></font>";
    $form .= "<font size=\"1\" face=\"verdana\">Favourite Link: <br><input type=\"text\" name=\"link\"><br></font>";
    $form .= "<font size=\"1\" face=\"verdana\">About Yourself: <br><textarea name=\"about\"></textarea><br></font>";
    $form .= "============================================";
    $form .= "<font size=\"2\" face=\"verdana\"><br><b>Please supply the following information for our records.</b><br><br></font>";
    $form .= "<font size=\"1\" face=\"verdana\">What is your postal address? <br> (used to send out stickers, newsletters etc) <br><textarea name=\"address\"></textarea><br></font>";
    $form .= "<font size=\"1\" face=\"verdana\">What is your mobile number? <br> (needed for us to contact you regarding backstage access) <br><input type=\"text\" name=\"mobile\"><br></font>";
    $form .= "<font size=\"1\" face=\"verdana\">Ever seen Submerse Live?: <br><select name=\"live\"><option value=\"yes\">Yes</option><option value=\"no\">No</option></select><br></font>";
    $form .= "<font size=\"1\" face=\"verdana\">If yes, Where? <br><input type=\"text\" name=\"venue\"><br></font>";
    $form .= "<input type=\"submit\" value=\"Create!\">";
    $form .= "</form>";

    if ($_POST[username] == "") {
        echo $form;
    } elseif (strlen($_POST[password]) < 6) {
        echo $form;
        echo "<br> Error password must be 6 characters or more";
    } else {
        $connection = mysql_connect($hostname, $user, $pass)
            or die(mysql_error());
        $db = mysql_select_db($database, $connection)
            or die(mysql_error());

        $sql = "SELECT username FROM users
            WHERE username = '$_POST[username]'";

        $sql2 = "SELECT email FROM users
            WHERE email = '$_POST[email]'";

        $result = mysql_query($sql)
            or die("Couldn't execute query.");

        $result2 = mysql_query($sql2)
            or die("Couldn't execute query.");

        $num = mysql_num_rows($result);
        $num2 = mysql_num_rows($result2);

        if (is_alphachar($_POST[username]) == 1) {
            echo $form;
            echo "Invalid Username. Only numbers/letters and underscores are allowed.<br>";
            die;
        }
        if ($num == 1) {
            echo "Error, username already exists!";
        } elseif ($num2 == 1) {
            echo "Error, that email address has already been registered. Please select a different one.";
        } else {
            $query = "INSERT INTO users (username,password,email,age,location,sex,msn,website,link,about,address,live,venue,mobile,dob,signup,expire)
                VALUES ('$_POST[username]','$_POST[password]','$_POST[email]','$_POST[age]','$_POST[location]','$_POST[sex]','$_POST[msn]','$_POST[website]','$_POST[link]','$_POST[about]','$_POST[address]','$_POST[live]','$_POST[venue]','$_POST[mobile]','$_POST[dob]',NOW(),DATE_ADD(NOW(), INTERVAL 1 YEAR))";
            $resultB = mysql_query($query, $connection) or die("Coundn't execute query.");
            echo "Congratulations! Your account has been created!";
            echo "<br><a href=\"index.php\">Back to login area</a>";
        }
    }
    ?>

  • #9
    raf
    Master Coder
    Join Date
    Jul 2002
    Posts
    6,589
    Thanks
    0
    Thanked 0 Times in 0 Posts
    "Can you just browse this code and tell me if it's open to SQL injection...."

    Yes it is. You should run the
    if (is_alphachar($_POST[username]) == 1) {
    check before your select.

    I could insert a new user in your users table or possibly even create a new MySQL account (depending on the permissions your account has).

    You should check all user input (username, password, email etc.) before using it inside a query, not after using it.

    By the way: there isn't even a single line in your code (except the PHP tags) that can't be improved. (I know; I'm not known as a nice guy.) If you're interested in getting your code straightened out, then post back and we can write you a 'best practice' version of it.
    Posting guidelines I use to see if I will spend time to answer your question : http://www.catb.org/~esr/faqs/smart-questions.html

  • #10
    Regular Coder
    Join Date
    Jul 2005
    Location
    Oxfordshire, UK
    Posts
    144
    Thanks
    0
    Thanked 0 Times in 0 Posts
    K, if you can write a best practice version, I would be interested to see it.

  • #11
    raf
    Master Coder
    Join Date
    Jul 2002
    Posts
    6,589
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Something like this:
    PHP Code:
    <?php
    require('config.php'); // require will give a fatal error if the file can not be included. include will just give a warning and then continue. since you're grabbing your mysql account details here, a warning isn't enough.
    // we don't need that function you wrote. there is a built-in function that does exactly the same: ctype_alnum()

    $post_uname = trim($_POST['username']);
    $post_pwd = trim($_POST['password']);
    $post_email = trim($_POST['email']);
    // and so on for all formfields
    // you should also check all other formfields here using regex and ctype-function
    $validinput = True;
    $errormessage = '';
    if ($post_uname == "") {
        $validinput = False;
        $errormessage = '<br />No username supplied.';
    }
    if (!ctype_alnum($post_uname)) {
        $validinput = False;
        $errormessage .= '<br />Invalid username. Use only numbers and letters.';
    }
    if (strlen($post_pwd) < 6) {
        $validinput = False;
        $errormessage .= '<br /> Error password must be 6 characters or more';
    }
    if (!ctype_alnum($post_pwd)) {
        $validinput = False;
        $errormessage .= '<br />Invalid password. Use only numbers and letters.';
    }
    if (!eregi('^[_\.0-9a-zA-Z-]+@([0-9a-zA-Z]+\.)+[a-zA-Z]{2,6}$', $post_email)) {
        $validinput = False;
        $errormessage .= '<br />Invalid email address.';
    }
    // and so on for all formfields
    if (!$validinput) {
        // your concatenation for the $form variable is inefficient + your string can better be enclosed in single quotes
        // i didn't change the html, but it's clear that you should make it valid xhtml + do your layout through css
        echo '<center><font size="2" face="verdana"><b>Fill out the form below to become a member of the Submerse Members area and get instant access to Submerse exclusives!. <br></b><br></center></font>
                <form action="./register.php" method="POST">
                    ============================================
                    <b><br><font size="2" face="verdana">Please supply the following information for your login details.<br></b></font><br>
                    <font size="1" face="verdana">Username: <br><input type="text" name="username"><br></font>
                    <font size="1" face="verdana">Your email: (This will be used to recover your account.)<br><input type="text" name="email"><br></font>
                    <font size="1" face="verdana">Password: <br> <input type="password" name="password"><br></font>
                    ============================================
                    <font size="2" face="verdana"><br><b>Please supply the following information for your profile.</b><br><br></font>
                    <font size="1" face="verdana">Age: <br><input type="text" name="age"><br></font>
                    <font size="1" face="verdana">Date of Birth(ddmmyy): (This will not be publicly displayed)<br><input type="text" name="dob"><br></font>
                    <font size="1" face="verdana">Location: <br><input type="text" name="location"><br></font>
                    <font size="1" face="verdana">Sex: <br><select name="sex"><option value="male">male</option><option value="female">female</option></select><br></font>
                    <font size="1" face="verdana">MSN: <br><input type="text" name="msn"><br></font>
                    <font size="1" face="verdana">Website: <br><input type="text" name="website"><br></font>
                    <font size="1" face="verdana">Favourite Link: <br><input type="text" name="link"><br></font>
                    <font size="1" face="verdana">About Yourself: <br><textarea name="about"></textarea><br></font>
                    ============================================
                    <font size="2" face="verdana"><br><b>Please supply the following information for our records.</b><br><br></font>
                    <font size="1" face="verdana">What is your postal address? <br> (used to send out stickers, newsletters etc) <br><textarea name="address"></textarea><br></font>
                    <font size="1" face="verdana">What is your mobile number? <br> (needed for us to contact you regarding backstage access) <br><input type="text" name="mobile"><br></font>
                    <font size="1" face="verdana">Ever seen Submerse Live?: <br><select name="live"><option value="yes">Yes</option><option value="no">No</option></select><br></font>
                    <font size="1" face="verdana">If yes, Where? <br><input type="text" name="venue"><br></font>
                    <input type="submit" value="Create!">
                </form>' . $errormessage;
    } else {
        /*
        All this should be in a separate file that you include (with require() ) and that is placed above the webroot
        $connection = mysql_connect($hostname, $user, $pass)
            or die(mysql_error());
        $db = mysql_select_db($database, $connection)
            or die(mysql_error());
        */

        $sql = "SELECT count(*) FROM users WHERE username = '" . $post_uname . "'";
        $result = mysql_query($sql, $connection) or die("Couldn't execute query username.");
        if (mysql_result($result, 0) >= 1) {
            echo "Error, username already exists!";
        } else {
            $sql = "SELECT count(*) FROM users WHERE email = '" . $post_email . "'";
            $result = mysql_query($sql, $connection) or die("Couldn't execute query email.");
            if (mysql_result($result, 0) >= 1) {
                echo "Error, email already exists!";
            } else {
                $query = "INSERT INTO users (username,password,email,age,location,sex,msn,website,link,about,address,live,venue,mobile,dob,signup,expire)
                        VALUES ('" . $post_uname . "','" . $post_pwd . "','" . $post_email . "','$_POST[age]','$_POST[location]','$_POST[sex]','$_POST[msn]','$_POST[website]','$_POST[link]','$_POST[about]','$_POST[address]','$_POST[live]','$_POST[venue]','$_POST[mobile]','$_POST[dob]',NOW(),DATE_ADD(NOW(), INTERVAL 1 YEAR))";
                // all these $_POST[age] fields should also be made safe with mysql_real_escape_string(), after you checked that their valueformat was correct and they didn't contain unexpected/illegal values
                $resultB = mysql_query($query, $connection) or die("Coundn't execute query.");
                // mysql_affected_rows() takes the connection, not the query result
                if (mysql_affected_rows($connection) === 1) {
                    echo 'Congratulations! Your account has been created!
                        <br /><a href="index.php">Back to login area</a>';
                } else {
                    echo 'Error! Your account has not been created';
                }
            }
        }
    }
    ?>
    Of course, when you wanna do serious PHP work, then you'll probably have a form-processing class to ease checking the posted values.

    I just worked out the first three as an example, but you of course also need to check and process all other posted fields.

    When I check a posted form, I always check all fields and don't stop after the first error. Also, inside my form-processing code, I set the class of the form fields that were invalid. Because I use CSS for my layout, I can then very easily change the background colour of all invalid fields to make it easier on the user to correct them.
    Posting guidelines I use to see if I will spend time to answer your question : http://www.catb.org/~esr/faqs/smart-questions.html
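
The registration insert discussed in this thread, written with bound parameters so that user input never becomes part of the SQL text, together with the expiry check asked about in the first post. This is an added example, not code from any poster; it assumes PHP 7+ with PDO MySQL, placeholder connection details, hypothetical function names, a `password` column wide enough for a hash, and that the profile columns left out here are nullable.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7+ with PDO MySQL and
// the thread's users table; DSN, credentials and function names are made up.
function db(): PDO
{
    return new PDO('mysql:host=localhost;dbname=members;charset=utf8mb4',
        'app_user', 'app_password', [
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares
        ]);
}

// Returns validation errors; an empty array means the row was inserted.
function register_user(PDO $pdo, array $in): array
{
    $username = trim($in['username'] ?? '');
    $email    = trim($in['email'] ?? '');
    $password = $in['password'] ?? '';

    $errors = [];
    if (!ctype_alnum($username)) {   // also rejects the empty string
        $errors[] = 'Invalid username. Use only numbers and letters.';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Invalid email address.';
    }
    if (strlen($password) < 6) {
        $errors[] = 'Password must be 6 characters or more.';
    }
    if ($errors) { return $errors; }

    $check = $pdo->prepare('SELECT COUNT(*) FROM users WHERE username = ? OR email = ?');
    $check->execute([$username, $email]);
    if ($check->fetchColumn() > 0) {
        return ['Username or email already registered.'];
    }

    // User values are bound; NOW() and DATE_ADD() stay in the SQL text, unquoted.
    $insert = $pdo->prepare(
        'INSERT INTO users (username, password, email, signup, expire)
         VALUES (?, ?, ?, NOW(), DATE_ADD(NOW(), INTERVAL 1 YEAR))'
    );
    $insert->execute([$username, password_hash($password, PASSWORD_DEFAULT), $email]);
    return [];
}

// Login works only while the one-year membership has not expired.
function login_user(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare('SELECT password FROM users WHERE username = ? AND expire > NOW()');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}
```

A UNIQUE index on `username` and on `email` is still needed, because two simultaneous registrations can both pass the SELECT check before either INSERT runs.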

